TLDR
- Coinbase users are being bombarded with phishing emails alleging mandatory wallet transfers by April 1.
- Scammers issue pre-made recovery phrases that let them access transferred funds.
- Emails incorrectly assert a thrown-out SEC lawsuit as a reason for necessary wallet adjustments.
- Both Coinbase and Gemini exchanges have been mimicked in parallel frauds.
- Coinbase has alerted users it will never dispatch recovery phrases to customers.
Cryptocurrency enthusiasts are encountering fresh phishing onslaughts mimicking big exchanges like Coinbase and Gemini. These deceptive emails urge recipients to relocate their crypto holdings to self-custody wallets using recovery phrases supplied by the culprits.
Kicking off over the weekend, this phishing endeavor saw a barrage of emails hitting Coinbase users. The communications lie about a court ruling from a class-action lawsuit demanding asset relocation to personal wallets by April 1.
Is anyone else getting the fake @coinbase Emails and messages? They're becoming more refined by the day.
One ploy is a bogus verification text to coax you into dialing a sham support line, while another involves an email prompting you to establish a genuine wallet they plan to empty.
Stay safe out there. pic.twitter.com/8SgjPQeUqk
— Steve 🤙 (@SteveKBark) March 14, 2025
\"Coinbase will act as a registered broker, facilitating purchases, but all assets need transferring to Coinbase Wallet,\" the misleading emails claim. This concocts a fabricated imperative, pushing recipients to react hastily.
The scam is craftily contrived to give off an air of authenticity. Con artists guide victims to download the genuine Coinbase Wallet app, bolstering the scheme's credibility. Yet, they then supply pre-made recovery phrases.
The essence of the scam lies in these recovery phrases. Users unwittingly grant scammers full access to any funds moved to the corresponding wallets by setting up a new wallet using these phrases.
Reminder: Be cautious of recovery phrase scams.
We're aware of fresh phishing emails cropping up, pretending to be from Coinbase and Coinbase Wallet.
We'll never send you a recovery phrase, nor should you enter one provided by someone else. pic.twitter.com/E9Us5jNS4C
— Coinbase Support (@CoinbaseSupport) March 14, 2025
The emails reference a fictitious lawsuit by the U.S. Securities and Exchange Commission (SEC) against Coinbase concerning unregistered securities sales. This assertion is incorrect. The SEC scrapped its lawsuit against Coinbase on February 27, 2025.
Analogous phishing assaults have targeted Gemini exchange users. These emails employ the same ruse, asserting that recent court rulings necessitate new wallet setups. The SEC also concluded its legal activities against Gemini on February 26.
Coinbase has addressed the scam publicly. In a post on X on March 14, they cautioned users:
\"We'll never send you a recovery phrase, and you shouldn't enter a recovery phrase provided by someone else.\"
This recent attack emerges amidst a surge in phishing activity within the crypto arena. As per blockchain security firm CertiK , phishing intrusions inflicted a $1 billion loss on crypto users from 296 incidents in 2024, rendering them a formidable security hazard.
Those duped by such scams typically find all their transferred funds lost immediately. Scammers promptly gain control over any cryptocurrency forwarded to the compromised wallets and can siphon it off within moments.
The phishing emails foster a deceptive air of legitimacy by impersonating trusted exchanges. They often bear official logos, resembling layouts, and language that mirrors authentic communications from these entities.
Security experts advise crypto users to consistently verify communications through official exchange websites or apps. Users should never utilize recovery phrases offered by an outsider, even if the sender seems credible.
Fake Zoom Calls
This phishing scheme follows reports of other sophisticated scams targeting the crypto landscape. At least three crypto founders recently disclosed thwarting attempts from supposed North Korean hackers exploiting fake Zoom calls to pilfer sensitive data.
The California financial regulator has also issued alerts about seven novel crypto and AI scams currently preying on consumers. These evolving threats highlight how scammers continuously evolve new techniques aimed at cryptocurrency holders.
Crypto exchanges suggest enabling two-factor authentication and utilizing hardware wallets for enhanced security. They also stress that genuine companies won't request users to divulge recovery phrases or private keys via email, chat, or phone.
Victims shared samples of the scam emails on social media platform X, aiding in raising awareness about the looming threat. Community vigilance has played a pivotal role in alerting others to the persistent phishing campaign.
The SEC's dismissal of cases against both Coinbase and Gemini in February renders the scammers' assertions particularly misleading. No court has compelled these exchanges' users to relocate to self-custody wallets.
